%term

Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Apr 29, 2026 By Raphael Silva In Aikido

A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.

Read Post

Aikido

Read more about Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer

Stryker Hack: What We Know So Far

Apr 29, 2026 By Outpost24 Threat Intelligence Team In Outpost 24

On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.

Read Post

Outpost 24

Read more about Stryker Hack: What We Know So Far

Inside the Hidden VM: How Attackers Stay Undetected

Apr 29, 2026 By Sophos In Sophos

Threat actors are getting better at hiding in plain sight through using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.

View Video

Sophos

Read more about Inside the Hidden VM: How Attackers Stay Undetected

A Mini Shai-Hulud Targeting the SAP Ecosystem

Apr 29, 2026 By Guillaume Valadon In GitGuardian

7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.

Read Post

GitGuardian

Read more about A Mini Shai-Hulud Targeting the SAP Ecosystem

'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Apr 29, 2026 By Sophos Counter Threat Unit Research Team In Sophos

On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.

Read Post

Sophos

Read more about 'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games

Apr 28, 2026 By SecuritySenses In SecuritySenses

Massively multiplayer online real-time strategy games occupy a specific and underexamined position in the gaming security landscape. Unlike session-based games where a match ends and the state resets, MMORTS titles run continuous worlds where player-built empires, alliances, and resource stockpiles exist around the clock, whether or not the player is logged in. That persistence creates a threat model significantly closer to financial services platforms than most people in either the security or gaming industries tend to acknowledge.

Read Post

SecuritySenses

Read more about Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games

Continuous Threat Exposure Management (CTEM): The Complete Guide to Proactive Cybersecurity

Apr 28, 2026 By SecuritySenses In SecuritySenses

The cybersecurity landscape has fundamentally changed. Organizations today manage sprawling digital environments - cloud workloads, remote endpoints, SaaS applications, third-party APIs, and hybrid infrastructure - all of which expand the attack surface at a pace that traditional security programs simply cannot match.

Read Post

SecuritySenses

Read more about Continuous Threat Exposure Management (CTEM): The Complete Guide to Proactive Cybersecurity

BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

Apr 27, 2026 By Arctic Wolf Labs In Arctic Wolf

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.

Read Post

Arctic Wolf

Read more about BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

Crypto theft, Vercel breach, Mastodon attack, North Korean IT in US & cyber negotiator guilty [316]

Apr 27, 2026 By LimaCharlie In LimaCharlie

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

View Video

LimaCharlie

Read more about Crypto theft, Vercel breach, Mastodon attack, North Korean IT in US & cyber negotiator guilty [316]

Supply chain attacks hit Checkmarx and Bitwarden developer tools

Apr 24, 2026 By Sophos X-Ops In Sophos

Sophos X-Ops is aware of reports that two widely-used developer tools – the Checkmarx KICs security scanner and the Bitwarden CLI – were hijacked on April 22, 2026, to steal credentials from development environments. These attacks occurred within hours of each other and share the same command-and-control (C2) domain – potentially pointing to a single threat actor running a coordinated campaign. Both vendors have since reportedly contained the incidents.

Read Post